Business Agility and Resilience Drive Demand for Risk and Compliance Services

April, 2021

COVID-19 has emphasized the need for regulatory compliance, internal compliance controls, and the use of security frameworks and tools. Meanwhile, the regulatory environment is increasingly complex, particularly for multinational companies, as they struggle to comply with sometimes conflicting regulations across regions. Risks have changed with a growing cloud environment and increasingly diverse IT service portfolio. The need for a strong governance, risk, and compliance (GRC) partner has grown.

These emerging trends are covered in our Risk and Compliance Services 2020-2021 RadarView™ report. The report is a comprehensive study of the industry-wide adoption of risk and compliance services. It includes the essential drivers, geographic landscape, key challenges, and a close look at the leaders, innovators, disruptors, and challengers in this market.

Avasant evaluated 30 providers across three dimensions: practice maturity, partnership ecosystem, and investments and innovation. Of those 30 providers, we recognize 20 as having brought the most value to the market during the past 12 months.

The report recognizes service providers in four categories:

    • Leaders: Accenture, HCL, IBM, TCS, and Wipro
    • Innovators: Atos, Cognizant, DXC, Infosys, and Telefonica Tech
    • Disruptors: AT&T Cybersecurity, Capgemini, LTI, Mphasis, and Tech Mahindra
    • Challengers: CGI, Fujitsu, Lumen Technologies, Trustwave, and Verizon

Figure 1 from the full report illustrates these categories:

MoneyShotRiskandComplianceServices2020 2021RadarView 1030x687 - Business Agility and Resilience Drive Demand for Risk and Compliance Services


Mark Gaffney, a Director with Avasant, congratulated the winners noting, “As enterprises accelerate cloud adoption, business leaders need to apply security control and compliance measures based on industry standards. Moreover, it calls for a cloud services evaluation process based on all aspects of a company’s GRC requirements and policies.”

Some of the findings from the full report include the following:

  1. All businesses need a robust GRC program.
    • In a stringent and ever-evolving regulatory environment, enterprises are increasingly looking towards tools and platforms-based solutions to solve their GRC requirements. Increased migration to cloud and a lack of consistency and transparency among disparate business units are some other drivers.
    • The GRC landscape gets further complicated in global organizations, which operate across multiple borders with additive policies and controls.
  2. Regulations such as GDPR, CCPA, and HIPAA affect all industries.
    • Highly regulated industries such as banking, healthcare and life sciences, and manufacturing must adhere to regulations and operate within the policy frameworks.
    • The key factors driving demand for GRC solutions are an increased need to protect consumer data, securing end-to-end processes across enterprises, reducing the cyberattack threat impact, and minimizing the financial impact of regulatory noncompliance.
  3. C-level sponsorship is required to engrain GRC into a company’s culture.
    • Typically, GRC services implementations are championed by the compliance operations team.
    • It is important to secure the supply chain and the cloud environment of global organizations. This would require a thorough third-party risk management evaluation.
  4. Service providers are driving focus on automation and new business models.
    • Service providers continue to invest in automation capabilities to solve business challenges. Solutions include carrying out quality assurance reviews in a shorter timeframe and streamlining and automating IT recovery processes.
    • Many service providers offer Chief Information Security Officer (CISO) support for end-to-end security requirements, from devising a strategy to managing operations and implementation services.

“As the regulatory environment evolves, there is an increased need to adopt GRC tools and platforms that automate risk management processes and provide for risk and compliance reporting. These tools help increase visibility and improve enterprise security posture,” said Avasant’s Associate Research Director, Gaurav Dewan.

The full report also features detailed RadarView profiles of the 20 service providers, along with their solutions, offerings, and experience in assisting enterprises in digital transformation.

This Research Byte is a brief overview of the Risk and Compliance Services 2020-2021 RadarView report (click for pricing).